Showing posts with label malware. Show all posts

Tuesday, July 22, 2008

Dangerous malware infects via P2P music


New worm aimed at music sharers


Jeremy Kirk

Music fans running Windows are being targeted by new worm-like malware that attacks those who download tracks from peer-to-peer (P2P) networks.

Playing an infected music file will launch Internet Explorer, and load a malicious web page which asks the user to download a codec, a well-known trick to get someone to download malware.

The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC, according to David Emm, senior technology consultant at Kaspersky. The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity, Emm said.

"The possibility of this has been known for a little while but this is the first time we've seen it done," said Emm.

The malware has worm-like qualities. Once on a PC, it looks for MP3 or MP2 audio files, transcodes them to Microsoft's Windows Media Audio format, wraps them in an ASF container and adds links to further copies of the malware, in the guise of a codec, according to another security analyst, Secure Computing.

The '.mp3' extension of the files is not modified, however, so victims may not immediately notice the change, according to Kaspersky.
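A defender can catch the mismatch described above by checking file content against the file name. The following is an added example, not part of the original article: it flags files named `.mp3` or `.mp2` whose first bytes are the ASF header GUID instead of an ID3 tag or MPEG audio frame sync. The function names and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# ASF Header Object GUID 75B22630-668E-11CF-A6D9-00AA0062CE6C in on-disk
# byte order: the first 16 bytes of every ASF/WMA/WMV file.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
AUDIO_EXTENSIONS = {".mp3", ".mp2"}

def sniff_container(head: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if head.startswith(ASF_HEADER_GUID):
        return "asf"
    if head.startswith(b"ID3"):
        return "mpeg-audio"  # ID3v2 tag in front of the MPEG audio frames
    if len(head) >= 2 and head[0] == 0xFF and head[1] & 0xE0 == 0xE0:
        return "mpeg-audio"  # MPEG audio frame sync: 11 set bits
    return "unknown"

def find_disguised_asf(root: str) -> list:
    """Return files under root named .mp3/.mp2 whose content is ASF."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() not in AUDIO_EXTENSIONS or not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                head = fh.read(16)
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        if sniff_container(head) == "asf":
            hits.append(path)
    return sorted(hits)

def demo() -> list:
    """Write constructed sample files and return the names that get flagged."""
    samples = {
        "genuine.mp3": b"ID3\x03\x00" + b"\x00" * 27,
        "raw_frames.mp2": b"\xff\xfd\x90\x00" + b"\x00" * 28,
        "rewritten.mp3": ASF_HEADER_GUID + b"\x00" * 16,  # ASF under .mp3
        "honest.wma": ASF_HEADER_GUID + b"\x00" * 16,     # ASF, named as such
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return [p.name for p in find_disguised_asf(root)]

if __name__ == "__main__":
    print(demo())  # ['rewritten.mp3']
```

A hit means only that the container does not match the extension; the file still needs scanning before anyone opens it in a media player.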

Most savvy PC users are aware of the codec ruse, but the style of attack is still effective since many media players do need to receive updated codecs occasionally in order to play files.

"Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream," Secure Computing said.

Users on a digital audio enthusiast site differed over the danger level of the malware.

"I never allow programs to choose which codecs I use to play back media," wrote JXL on the Hydrogen Audio forum. "I research it and get the codec bundles off of sites I know to be trustworthy and even then I still scan them and check to make sure they are what they are. I honestly don't feel that this malware has a very good chance of spreading fast."


*** From: http://www.pcadvisor.co.uk/news/index.cfm?newsid=13781&

Sunday, May 25, 2008

Spyware-Malware 101: Understanding the Secret Digital War of the Internet

From Paul Gil,
Your Guide to Internet for Beginners.


How Rogue Software Hurts Us All


1) What is “Spyware”?

Forget viruses, spam and hacker attacks..."spyware" is now the single largest problem facing internet users today. These nasty little rogue programs have become so widespread and so infectious, their volume far outstrips spam and regular viruses. The spyware problem has grown to such an immense breadth and depth, we cannot even agree on what to call it.


2) Spyware = 'Malware'
Most people historically call these rogue programs "spyware".

That name comes from the 1990s, when nasty little programs secretly observed and logged your web surfing habits. The spyware problem, however, has now grown into dozens of other malicious formats, including sneakware, adware, keyloggers, browser hijackers, porn servers, trojans and worms.

Because the spyware problem has mutated so much, we now describe spyware as part of a much larger category of rogue software called "malware" (malicious software programs). At its most basic, malware is an insidious little software program that covertly installs itself on your computer and then performs secret operations without your permission. Once in place, malware programs may do hundreds of nasty things to your computer. Malware will log your keystrokes, steal your passwords, observe your browsing choices, spawn pop-up windows, send you targeted email, redirect your web browser to phishing pages, report your personal information to distant servers, and serve up pornography. This malware will operate invisibly, often without displaying itself in your Task Manager. To top it off, malware usually refuses to be uninstalled through your control panel, and requires special tools to delete it from your drive. Yes, this is a direct cousin to viruses, but with a broader portfolio of wicked intentions.

3) What does Spyware/Malware specifically do to my computer?


Malware will perform a variety of nasty activities, ranging from simple email advertising all the way to complex identity-theft and password-stealing. New nasty functions are created every week by malware programmers, but the most common malware functions are:


1. Malware steals your personal information and address book (identity theft and keystroke-logging).
2. Malware floods your browser with pop-up advertising.
3. Malware spams your inbox with advertising email.
4. Malware slows down your connection.
5. Malware hijacks your browser and redirects you to an advertising or a phishing-con web page.
6. Malware uses your computer as a secret server to broadcast pornography files.
7. Malware slows down or crashes your computer.


4) Where does Spyware/Malware come from?


Spyware/malware programs are authored by clever programmers, and then delivered to your computer through covert Internet installs. Usually, malware will piggyback on innocent-looking web page components and otherwise-benign software such as game demos, MP3 players, search toolbars, software, free subscriptions, and other things you download from the web. Subscribing to online services is an especially common way to pick up malware. In particular, whenever you sign up for a so-called "free" service or install new software, you must accept an "end user license agreement" (EULA). The fine print of the EULA will often include the phrase "the vendor is allowed to install third-party software on your computer". Since most users don't bother to read this EULA fine print, they naively click "accept", and install malware out of sheer ignorance.


5) What kind of personal information does Spyware/Malware steal?

This varies from the non-confidential to the extremely personal. The malware may simply steal a listing of your MP3s or recent website visits. Malware may also harvest your email address book. At its very worst, malware will steal your banking PIN, your eBay login, and your PayPal information (aka "keystroke logging" identity theft). Yes, spyware/malware is a very serious Internet problem that threatens everyone's personal privacy, and network administrators everywhere are deeply concerned.

*** From: http://netforbeginners.about.com/od/antivirusantispyware/a/malware101.htm

Tuesday, May 20, 2008

The 2008 Malware War: How to Clean Out the Enemy

From Paul Gil,
Your Guide to Internet for Beginners.

How Do I Protect Myself from this 2008 Epidemic of Spyware/Malware?


Answer: Avoiding and destroying spyware is not instant, and it is not a one-time event like an inoculation. Instead, stopping spyware/malware is a long-term game that is exactly like cleaning dirt out of your home. You need constant vigilance, and a regular habit of cleaning malware out of your computer every week.


Note: Additionally, as an educated user, you must also adopt a "buyer beware" attitude whenever you install new software from the Net or even from CD...you need to read every end user license agreement on your screen before you click "accept".


Here is the checklist for detecting and destroying malware:


1. Install two or three different anti-spyware programs ("spyware cleaners") on your computer, and update their definition lists regularly. Because every anti-spyware cleaner is imperfect, it is necessary to use combinations of these programs to catch the greatest breadth of malware.


Also, the anti-spyware manufacturers regularly add new entries to their "definition" lists, just like anti-virus software. Make sure to keep your spyware cleaners updated with these lists!

2. Build a weekly habit of "scan and detect". Like cleaning house, this should be done every few days. At the very least, this should be done whenever you install new software. Many anti-spyware programs can be set to automatically perform scan-and-detect nightly.

3. Carefully read every EULA (end user license agreement) before clicking "accept". If you see the phrase "3rd-party software may be installed", make sure to follow the software install with a spyware cleaning.


4. Educate yourself on the latest strains of malware. In particular, start visiting these recommended anti-spyware sites, and update yourself on the latest malicious programs.


* Antivirus/Antispyware at About
* Network Security at About
* PestPatrol.com database
* Spywareguide.com
* SpywareWarrior.com
* SurferBeware.com
* Cexx.org

5. Save your data, and back up often! As much as it sounds like broken-record preaching, backing up is how an intelligent user prepares for the worst. Backing up means: keep your original software CDs in a safe accessible place, constantly save copies of your important work files on CD or separate drives, and presume you will actually need them one day. This way, if you ever experience the extreme spyware circumstance of having to reformat your hard drive, you can at least recover your important work.


There you go, fellow Internet users. Your lives now have an extra complexity as you add one more cleaning habit to your weekly routine. The good news is: once you build a regular scan-and-detect habit, then spyware and malware will be reduced to a mere annoyance, and you can get back to the business of enjoying the internet! Personally, I think of it as having one more room in my house to dust and vacuum.
Keep the faith, fellow webbies... the internet is too important to let these malware programmers win!


*** From: http://netforbeginners.about.com/od/antivirusantispyware/a/malware101_2.htm